[Dev] Cynara

On 14.4.2014 17:07, Lukasz Wojciechowski wrote:
> I think apps cannot do anything they want with user data. Even native
> apps have access only to their private data.
> Every application with its data folders should be Smack labeled. Smack
> labels are added in installation process for all applications: web,
> native, etc.
> Different Smack labels for apps give us Smack level separation.
Well, this was also how I understood the original SMACK intention. But
then someone said that there would be only three SMACK labels and that
it wouldn't be possible to tell applications apart based on SMACK labels...
If applications can introduce their own SMACK labels to group their
data, my cases should be fine.
> One assumption for Smack is needed for this model to work: to assign
> separate Smack labels for the applications. I believe that there is a
> consensus to go that way.
OK, sounds good. So I can fetch peer creds and match those against data
ACLs...
> While different, the app labels would still logically belong to the User
> domain. This is probably very confusing, given the "3-domain policy"
> name, but a domain is defined as a set of labels.
OK, this was confusing me at least. I thought that there would be only
three SMACK labels...